Overview
Starting from 8.2, SELinux enforcing mode can be enabled on the selected CloudBlue Commerce nodes:
- CloudBlue Commerce MN
- Operations DB
- Billing application
- Billing database
- Billing online store
- CloudBlue Commerce UI
- CloudBlue Commerce branding
- Privacy Proxy
- DNS
- Domain Registrar Plug-ins
- APS Endpoint nodes
- APS proxy node
- Components cluster nodes
To allow enforcing mode of SELinux, special policies are added to control pa-agent, pa-jboss and bm components, as well as extended policies for httpd service. To learn more about these policies, refer to SELinux Policies in CloudBlue Commerce.
Limitations
There are some limitations on enabling SELinux in enforcing mode:
SELinux is not supported by Virtuozzo Containers. If you want to enable SELinux, you need to migrate Virtuozzo Containers to Virtual Machines.
If CloudBlue Commerce Migration manager is installed on your system, do not enable SELinux on CloudBlue Commerce management node.